TRP: In your view will GDPR/NIS improve the overall security framework for small businesses and their customers?
Charles White: The consensus opinion is that UK PLC has had over six years of coaxing, education and persuasion to adopt a significantly better security posture. Last year, articles circulated stating that 96% of UK companies had been hacked. And so with all these things legislation swings in to drive behaviour and the GDPR is now the stick.
Conclusion
As a uniform approach to data protection in Europe, the new regulations move the consent to collect and use data that businesses now comply with to a more robust system, where data must be collected for a specially stated purpose. If your business wanted to use, say, a customer database for another purpose, your business would need to ask for permission again.
Anthony Merry, head of Data Protection at Sophos, concluded: "My key advice would be – don't ignore it and think 'I won't get fined'. Europe is taking the subject of data protection seriously and so should small businesses.
"Take the time to investigate what the GDPR and NIS Directives mean to your business, and if you don't feel comfortable doing it yourself then don't hesitate to reach out to your local regulatory body or to a trusted partner/consultant for advice.
"Protect the data you hold, encrypt it and always keep up to date with your security solutions. Always think: how would you feel if it was your data that was lost? How would you feel or be impacted?"
The new regulations are coming. They apply to medium-sized businesses, but smaller enterprises should use the opportunities to re-evaluate how they collect, store, use and transmit the personal data of their customers. In today's world of rising cybercrime, only those businesses that can show they take the personal data of their customers seriously will continue to thrive.